Page MenuHomeSolus

Update libidn2 to 2.0.4
ClosedPublic

Authored by kyrios123 on Aug 27 2017, 9:01 PM.
Tags
Referenced Files
F11002718: D891.diff
Mon, Jul 31, 3:38 AM
F10994690: D891.id2090.diff
Wed, Jul 26, 12:04 AM
F10970560: D891.id2259.diff
Fri, Jul 21, 3:00 AM
F10963251: D891.id1955.diff
Wed, Jul 19, 2:46 AM
F10961858: D891.id2001.diff
Tue, Jul 18, 6:49 PM
F10946487: D891.diff
Sat, Jul 15, 10:22 AM
F10893815: D891.id2259.diff
Jul 1 2023, 3:24 AM
F10879087: D891.diff
Jun 21 2023, 6:52 PM
Subscribers
None

Details

Summary

Security:

  • Fix CVE-2017-14061
  • Fix CVE-2017-14062

Changeog:

  • Fix integer overflow in bidi.c/_isBidi()
  • Fix integer overflow in puny_decode.c/decode_digit()
  • Improve docs
  • Fix idna_free() to idn_free()
  • Update fuzzer corpora
  • %IDN2_USE_STD3_ASCII_RULES disabled by default. Previously we were eliminating non-STD3 characters from domain strings such as _443._tcp.example.com, or IPs 1.2.3.4/24 provided to libidn2 functions. That was an unexpected regression for applications switching from libidn and thus it is no longer applied by default. Use %IDN2_USE_STD3_ASCII_RULES to enable that behavior again.
  • Fix several documentation issues
  • Fix build issues
  • Modernize gtk-doc build infrastructure.

Packaging:

  • Remove: unnecessary builddep
  • Add: make check

Signed-off-by: Pierre-Yves <pyu@riseup.net>

Test Plan

Did a few checks with curl+libidn2

Diff Detail

Repository
R3478 libidn2
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kyrios123 retitled this revision from Update libidn2 to 2.0.3 to Update libidn2 to 2.0.4.
kyrios123 edited the summary of this revision. (Show Details)

Bump to 2.0.4

  • Fix integer overflow in bidi.c/_isBidi()
  • Fix integer overflow in puny_decode.c/decode_digit()
  • Improve docs
  • Fix idna_free() to idn_free()
  • Update fuzzer corpora
kyrios123 edited the summary of this revision. (Show Details)
kyrios123 added a project: Restricted Project.

Update description for CVE-2017-14061 & CVE-2017-14062

This revision is now accepted and ready to land.Sep 13 2017, 10:53 AM
This revision was automatically updated to reflect the committed changes.